Consider using signed container images

Because we give a lot of power to the CI jobs on our GitLab, we need some guarantees about the binaries used in the stack (see our Container images policy). We should consider whether having signed images could improve those guarantees and whether the cost of implementing that is justifiable.